This Help forum is for issues relates to webtrees 1.7. For issues related to webtrees 2.0, please use that forum.
Before asking for help please read "Requesting Help and Suggestions" by clicking on that tab above here."
  • Page:
  • 1

TOPIC:

A security question!!! 1 month 6 days ago #1

  • potain
  • potain's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 95
Hello

One of my relatives had his computer hacked and all of us in his address book received a phishing and email impersonation attack.

Unfortunately because of changes in internet infrastructures I used my admin address of the family tree as my main email contact for them and foolishly replied to the hackers email but soon realised my mistake when demands of payment of monies were made. I have since reported the offending mail to orange.fr abuse section.

Can I please ask you if you would know if the hackers having my email address present any danger of them getting access to the tree?

I am just about to change my admin password to the site, is there anything else that I should do or be of concern?

Thank you for your help
Novice in all webtrees matters and in every respect

Please Log in or Create an account to join the conversation.

A security question!!! 1 month 6 days ago #2

  • Sir Peter
  • Sir Peter's Avatar
  • Offline
  • Junior Member
  • Junior Member
  • Posts: 154
Without warranty:

For the webtrees part: The e-mail address alone will not allow anyone to logon to webtrees, even if you used your e-mail address as your username which you probably didn't.

For the rest of the IT world: Many other web services use the e-mail address as the username. These web services can be attacked with brute force attacks or manually to logon as you. On the other hand a hacker might send e-mails pretending to be you. Now that they have your e-mail address they will keep bothering you. I suggest to get rid of the hacked e-mail address as quickly as possible and replace it with a new one wherever it was used. Additionally you should check your workstation for viruses.
Peter

Please Log in or Create an account to join the conversation.

A security question!!! 1 month 5 days ago #3

  • potain
  • potain's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 95
Sir Peter, thanks for you reply.

I've changed my user name which was admin the same as the email address, The family member who was impersonated has not logged in as a user so I presume that the hackers did not obtain his login details and other users are safe with still using the admin-at-myfamilyname-.com address. I have changed his role to Visitor from Editor but is there a way of suspending is account temporarily, just in case?

It's a real worry when you consider the means and expertise at Facebook disposal and yet to learn of the recent huge data leak of personal data of 533 million Facebook users that has surfaced in a hacker forum. How much more vulnerable are us ordinary home users?

Checking the website logs, the example below has occurred frequently over the last few day and it relates to Google maps and I wonder if there is a flaw in it which they (ips all from china - probably spiders but you never know) are trying to exploit:

2021-04-07 01:03:51error /home/*****/public_html/*****/app/Module/GoogleMapsModule.php:605 syntax error, unexpected end of file
#0 /vendor/composer/ClassLoader.php:322 ParseError("syntax error, unexpected end of file")
#1 unknown:unknown loadClass('Fisharebest\\Webtrees\\Module\\Go…')
#2 /modules_v3/googlemap/module.php:20 spl_autoload_call('Fisharebest\\Webtrees\\Module\\Go…')
#3 /app/Module.php:133 include('/home/*******l/public_html/****…')
#4 /app/Module.php:343 getActiveModules()
#5 /app/Theme/AbstractTheme.php:1404 getModuleByName('user_favorites')
#6 /app/Theme/AbstractTheme.php:2139 menuFavorites()
#7 /app/Theme/AbstractTheme.php:672 secondaryMenu()
#8 /app/Theme/AbstractTheme.php:248 headerContent()
#9 /app/Controller/PageController.php:185 bodyHeader()
#10 /calendar.php:132 pageHeader()

IP Address: 110.249.202.70 User none
110.249.202.70 /110.249.202.68 reported as spam 6 websites attacked, discovered Jul 23, 2019, last activity Mar 22, 2021 17:10:29. (cleantalk.org/blacklists/110.249.202.70)


I do admit to a degree of assurance (maybe falsely) in knowing that I organised the site with a Dummy tree which prohibits any access to the real tree from visitors and only wished had the skills to emulate it when I eventually have to upgrade to version 2.
Novice in all webtrees matters and in every respect

Please Log in or Create an account to join the conversation.

A security question!!! 1 month 5 days ago #4

  • Sir Peter
  • Sir Peter's Avatar
  • Offline
  • Junior Member
  • Junior Member
  • Posts: 154
This post number 8 at www.webtrees.net/index.php/en/forum/help...log-ver-2-0-11#82338 might help to block certain IP addresses.
Peter

Please Log in or Create an account to join the conversation.

A security question!!! 1 month 5 days ago #5

  • fisharebest
  • fisharebest's Avatar
  • Away
  • Administrator
  • Administrator
  • Posts: 14515
From this error message, it looks like the file is corrupt/truncated.
I would re-install it. I would also re-install all the other files, in case others are also corrupt.

It does not look like the sort of thing that would happen as a result of a hacker.

> Can I please ask you if you would know if the hackers having my email address present any danger of them getting access to the tree?

Personally, I would not worry.

If a determined and well-resourced attacker (e.g. a nation state) wants to break into your server, then nothing will stop them.

But you should be safe from "random hackers".
Greg Roach - This email address is being protected from spambots. You need JavaScript enabled to view it. - fisharebest.webtrees.net

Please Log in or Create an account to join the conversation.

  • Page:
  • 1
Powered by Kunena Forum